security/acme-client: API token support for CF

added rudimentary help tokens should be treated like passwords
Alphakilo · Sep 19, 2019 · 3a4edf2 · 3a4edf2
1 parent 85ff6ca
commit 3a4edf2
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/...me-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/...me-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -192,7 +192,19 @@
     <field>
         <id>validation.dns_cf_key</id>
         <label>CF Key</label>
+        <type>password</type>
+    </field>
+    <field>
+        <id>validation.dns_cf_account_id</id>
+        <label>CF Account ID</label>
         <type>text</type>
+        <help>Can be found in the URI after loggin into the Cloudflare dashboard.</help>
+    </field>
+    <field>
+        <id>validation.dns_cf_token</id>
+        <label>CF API Token</label>
+        <type>password</type>
+        <help>The token needs "Read" access to Zone.Zone and "Edit" to Zone.DNS across "All zones from an account".</help>
     </field>
     <field>
         <label>ClouDNS</label>

diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -458,6 +458,12 @@
                 <dns_cf_key type="TextField">
                     <Required>N</Required>
                 </dns_cf_key>
+                <dns_cf_token type="TextField">
+                    <Required>N</Required>
+                </dns_cf_token>
+                <dns_cf_account_id type="TextField">
+                    <Required>N</Required>
+                </dns_cf_account_id>
                 <dns_cloudns_auth_id type="TextField">
                     <Required>N</Required>
                 </dns_cloudns_auth_id>

diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@@ -642,6 +642,9 @@ function run_acme_validation($certObj, $valObj, $acctObj)
             case 'dns_cf':
                 $proc_env['CF_Key'] = (string)$valObj->dns_cf_key;
                 $proc_env['CF_Email'] = (string)$valObj->dns_cf_email;
+                // FIXME Only one auth method should be present in ENV
+                $proc_env['CF_Token'] = (string)$valObj->dns_cf_token;
+                $proc_env['CF_Account_ID'] = (string)$valObj->dns_cf_account_id;
                 break;
             case 'dns_cloudns':
                 $proc_env['CLOUDNS_AUTH_ID'] = (string)$valObj->dns_cloudns_auth_id;